Tagged Questions

BCrypt is an adaptive cryptographic hash function for passwords. It incorporates a salt to protect against rainbow table attacks and is also an adaptive hash - over time it can be made slower and slower so it remains resistant to specific brute-force search attacks against the hash and the salt.

I am working on a Spring-MVC application which uses Hibernate as the
ORM and PostgreSQL as the database, in which I am looking for
on-the-fly encryption decryption solution, but only for 2 columns in
...

I am building a web application where the front-end is a single-page-app and the back-end serves it through a RESTful API. I want to make sure I implement user authentication with the best security ...

In many places I heard that people recommend to use the bcrypt algorithm to save passwords into database while creating web applications. I want to know what is the algorithm used to bcrypt a password ...

I am concerned about the use of bcrypt for client-side password generation. I am developing a password generation function to be used client-side, similar to PwdHash and PasswordMaker.
Much has been ...

I am currently using a technique where I send the username/password in cleartext (using https) to the server, which then does bcrypt and compares to the db. Standard practice.
It is considered safe.
...

I have an Android app that connects to a server through HTTP (notice the absence of S, also Android means Java, so nothing I'll hardcode in my app will be unreachable).
I want to store the password ...

One of my colleagues is working on securing OAuth 2 client IDs and secrets for our OAuth server and he has come up with this scheme where he would not only use UUID v4 to generate random values, but ...

I'm asking my question here since I was not able to find an answer anywhere.
I have written a piece of software which stores pretty delicate passwords. I have used BCrypt as hashing algorithm with an ...

I want to allow any-sized passwords to be allowed to be submitted. I currently use bcrypt as a key derivation function for passwords, however I have realized that it has a maximum input length of 72.
...

Can anyone give me an idea? Assume the salt(s) is/are known.
For example, if I have a $k$-character long password that is hashed in MD5 versus bcrypt, is there a way to estimate how much more time it ...

When storing user's passwords that you need to verify against (but not use as plaintext) the current state of the art is:
Hash the password
Use a salt
Use a slow hash function - bcrypt, scrypt, etc.
...

I've been reading up on password storage and such, and have come to the conclusion that I need to be using bCrypt.
I've got an implementation working correctly, but I'm wondering the best way to move ...

When the subject of password hashing comes up, a lot of developers get exasperated by people using outdated, broken, or hand-rolled hashing schemes, and I frequently hear "just use bcrypt!" repeated ...

I have a feature request to connect my PHP web-app to the user's mail server. I have usually strayed away from this type of work as it will mean storing the users' email passwords.
My question: is it ...

I'm wondering if it's possible to increase the work factor of an already encrypted bcrypt password.
e.g. I have a password that was encrypted with a work factor of 5, is it possible to increase the ...

So, our database is using bcrypt with a high iteration/cost to store our users' passwords. We're using https like intelligent people and we continue to work on finding ways to sidestep our own security ...

So, I learned that new in PHP 5.5 is password-hash() which works much like crypt(). Which is more secure (slower) than md5() or sha1(). The result string is algo+hash+salt, which can be passed as-is ...

I want some advice on my Authorization/Authentication scheme that I will be using for my Web API that I am writing.
Firstly the Authentication:
1) When a user first logs in and they are authorized, ...

I'm fairly new to encryption, and I am investigating the different kind of encryptions. I want to encrypt passwords in a secure way. I discussed this with my colleague, and he said that BCrypt is the ...

I have been interested in implementing authentication method for a web app that is run in modern browsers, without having to send the password over the wire.
Can anyone suggest improvements or even ...

I'm new to cryptography and its implementations. I'm designing an Android app where a user enters a password to retrieve some encrypted data. After some research on possible solutions I ended up with ...

As I understand it, salting and hashing passwords is the way to go. I also understand that to authenticate a salted and hashed password, the random salt needs to be saved. Does this mean that if I use ...

I need to restrict some webpages to certain users and I do this using a .htpasswd file through nginx.
The problem is I need to add other people's bcrypt password hashes to my .htpasswd file. Would it ...

I need to encrypt a file with a password that can be memorized. So I was thinking about running the password through some rounds of Bcrypt before using it for AES encryption, so every time I want to ...